IT Policy for Berkeley Employees

Each member of the Berkeley campus community and all individuals who collect, use, disclose or maintain UC Berkeley information and electronic resources must comply with the full text of all UCB IT policies. Selected policies and topics are highlighted below.

Protect University Information and Electronic Resources

Safeguard Sensitive Information

Use of the following types of data requires extra sensitivity due to the significant potential for misuse and costly reporting requirements in the event of unauthorized access. If your work involves handling any of these types of data, you must receive special training in the protection of electronic information. In addition, any systems that process this data must employ additional security measures.

* Social Security Numbers
* CA Driver’s License Numbers
* CA Identification Number
* Credit Card Numbers
* Financial Account Information
* Health Information
* Health Insurance Information
* Confidential Student Data
* Data identified by contract as restricted (e.g., federal research contracts/grants)

Secure All Devices

Security protections are required on all networked devices (computers, smart phones, printers, etc.):

* Regularly install software updates
* Install anti-malware software
* Use a host-based firewall
* Ensure adequate physical security
* Disable unnecessary services
* Select strong passphrases

Report Security Incidents or Suspicious Activity

Immediately report security incidents or suspicions that University information pertaining to you or to others or resources is missing, has been accessed without authorization, or has been altered.

Do not attempt to correct security issues yourself! Your efforts (e.g., turning off a printer to clear sensitive information from memory) may destroy important evidence needed to determine the nature and extent of a problem.

Privacy of Electronic Communications

The University does not examine or disclose electronic communications records without the holder's consent; however, in some circumstances, information from your incidental personal activities may be accessed.

Routine Security Monitoring

Providers of electronic communications services ensure the integrity and reliability of systems under their control through the use of techniques that include routine monitoring of electronic communications (e.g., scanning, bandwidth monitoring).

Keep Personal Information Separate

When incidental personal use of electronic resources is allowed, you are encouraged to organize and clearly mark information that is personal.

  • For example, create a folder called "Personal" in your computer files or e-mail program to hold any personal information. When colleagues or supervisors need to find business-related information in your work area and you are not available to assist, these files will not be viewed.
  • Co-mingled information (mixed work and personal) is presumed to be University information.

Ownership

Information related to the organization, functions, policies, decisions, procedures, operations, or other business activities of the university is owned by the Regents of the University of California.

  • Significant University information should not be stored permanently in personal email accounts or computers, but should be stored in shared folders or institutional/departmental email accounts.
  • Upon separation from the University, all University property must remain with the University.

Use Campus Technology Responsibly

Campus computer use and network access is a privilege. Users must act responsibly and professionally, respect the rights of other users and treat them with civility, respect the integrity of the systems, data, and related physical resources, and observe all relevant laws, regulations, and contractual obligations.

Data / Record Retention

Know and follow record retention schedules: the less time you keep records (electronic and paper), the better! Organize and label the records you keep according to disposition dates.

Accessibility

The University of California is committed to taking concrete steps to ensure that University websites and electronic resources are accessible to people with disabilities.

Copyright

Secure appropriate permission when uploading and downloading electronic content including copyrighted or trademarked material, such as text, logos, images, video, sound, programs, music, movies, games, etc.